一、漏洞信息

漏洞编号：[CVE-2024-42479](https://nvd.nist.gov/vuln/detail/CVE-2024-42479)

漏洞归属组件：[llama.cpp](https://gitee.com/src-openeuler/llama.cpp)

漏洞归属的版本：20230815

CVSS V3.0分值：

BaseScore：10.0 None

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

漏洞简述：

llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause arbitrary address writing. This vulnerability is fixed in b3561.

漏洞公开时间：2024-08-12 23:15:21

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-42479

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| security-advisories.github.com | https://github.com/ggerganov/llama.cpp/commit/b72942fac998672a79a1ae3c03b340f7e629980b | |

| security-advisories.github.com | https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-wcr5-566p-9cwj | |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源 |

| ------- | -------- | ------- | -------- | --------- |

| | | https://github.com/ggerganov/llama.cpp/commit/b72942fac998672a79a1ae3c03b340f7e629980b | | security-advisories.github.com |

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

受影响版本排查(受影响/不受影响)：

1.master(20230815):

2.openEuler-20.03-LTS-SP4:

3.openEuler-22.03-LTS-SP1:

4.openEuler-22.03-LTS-SP3:

5.openEuler-22.03-LTS-SP4:

6.openEuler-24.03-LTS(20230815):

7.openEuler-24.03-LTS-Next(20230815):

修复是否涉及abi变化(是/否)：

1.master(20230815):

2.openEuler-20.03-LTS-SP4:

3.openEuler-22.03-LTS-SP1:

4.openEuler-22.03-LTS-SP3:

5.openEuler-22.03-LTS-SP4:

6.openEuler-24.03-LTS(20230815):

7.openEuler-24.03-LTS-Next(20230815):

一、漏洞信息

漏洞编号：[CVE-2024-42479](https://nvd.nist.gov/vuln/detail/CVE-2024-42479)

漏洞归属组件：[llama.cpp](https://gitee.com/src-openeuler/llama.cpp)

漏洞归属的版本：20230815

CVSS V3.0分值：

漏洞简述：

llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause arbitrary address writing. This vulnerability is fixed in b3561.

漏洞公开时间：2024-08-12 23:15:21

漏洞创建时间：2024-08-13 07:30:04

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-42479

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| security-advisories.github.com | https://github.com/ggerganov/llama.cpp/commit/b72942fac998672a79a1ae3c03b340f7e629980b | |

| security-advisories.github.com | https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-wcr5-566p-9cwj | |

一、漏洞信息

漏洞编号：[CVE-2024-42479](https://nvd.nist.gov/vuln/detail/CVE-2024-42479)

漏洞归属组件：[llama.cpp](https://gitee.com/src-openeuler/llama.cpp)

漏洞归属的版本：20230815

CVSS V3.0分值：

BaseScore：9.8 Critical

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

漏洞简述：

llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause arbitrary address writing. This vulnerability is fixed in b3561.

漏洞公开时间：2024-08-12 23:15:21

漏洞创建时间：2024-08-13 07:30:04

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-42479

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| security-advisories.github.com | https://github.com/ggerganov/llama.cpp/commit/b72942fac998672a79a1ae3c03b340f7e629980b | |

| security-advisories.github.com | https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-wcr5-566p-9cwj | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2024-42479 |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源 |

| ------- | -------- | ------- | -------- | --------- |

| | | https://github.com/ggerganov/llama.cpp/commit/b72942fac998672a79a1ae3c03b340f7e629980b | | security-advisories.github.com |

| | | https://github.com/ggerganov/llama.cpp/commit/b72942fac998672a79a1ae3c03b340f7e629980b | | nvd |

| | | https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-wcr5-566p-9cwj | | nvd |

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

10.0

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

受影响版本排查(受影响/不受影响)：

1.master(20230815):

2.openEuler-20.03-LTS-SP4:

3.openEuler-22.03-LTS-SP1:

4.openEuler-22.03-LTS-SP3:

5.openEuler-22.03-LTS-SP4:

6.openEuler-24.03-LTS(20230815):

7.openEuler-24.03-LTS-Next(20230815):

修复是否涉及abi变化(是/否)：

1.master(20230815):

2.openEuler-20.03-LTS-SP4:

3.openEuler-22.03-LTS-SP1:

4.openEuler-22.03-LTS-SP3:

5.openEuler-22.03-LTS-SP4:

6.openEuler-24.03-LTS(20230815):

7.openEuler-24.03-LTS-Next(20230815):

一、漏洞信息

漏洞编号：[CVE-2024-42479](https://nvd.nist.gov/vuln/detail/CVE-2024-42479)

漏洞归属组件：[llama.cpp](https://gitee.com/src-openeuler/llama.cpp)

漏洞归属的版本：20230815

CVSS V3.0分值：

BaseScore：9.8 Critical

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

漏洞简述：

llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause arbitrary address writing. This vulnerability is fixed in b3561.

漏洞公开时间：2024-08-12 23:15:21

漏洞创建时间：2024-08-13 07:30:04

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-42479

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| security-advisories.github.com | https://github.com/ggerganov/llama.cpp/commit/b72942fac998672a79a1ae3c03b340f7e629980b | |

| security-advisories.github.com | https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-wcr5-566p-9cwj | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2024-42479 |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源 |

| ------- | -------- | ------- | -------- | --------- |

| | | https://github.com/ggerganov/llama.cpp/commit/b72942fac998672a79a1ae3c03b340f7e629980b | | security-advisories.github.com |

| | | https://github.com/ggerganov/llama.cpp/commit/b72942fac998672a79a1ae3c03b340f7e629980b | | nvd |

| | | https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-wcr5-566p-9cwj | | nvd |

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

10.0

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

受影响版本排查(受影响/不受影响)：

1.master(20230815):

2.openEuler-20.03-LTS-SP4:

3.openEuler-22.03-LTS-SP1:

4.openEuler-22.03-LTS-SP3:

5.openEuler-22.03-LTS-SP4:

6.openEuler-24.03-LTS(20230815):

7.openEuler-24.03-LTS-Next(20230815):

修复是否涉及abi变化(是/否)：

1.master(20230815):

2.openEuler-20.03-LTS-SP4:

3.openEuler-22.03-LTS-SP1:

4.openEuler-22.03-LTS-SP3:

5.openEuler-22.03-LTS-SP4:

6.openEuler-24.03-LTS(20230815):

7.openEuler-24.03-LTS-Next(20230815):

一、漏洞信息

漏洞编号：[CVE-2024-42479](https://nvd.nist.gov/vuln/detail/CVE-2024-42479)

漏洞归属组件：[llama.cpp](https://gitee.com/src-openeuler/llama.cpp)

漏洞归属的版本：20230815

CVSS V3.0分值：

BaseScore：9.8 Critical

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

漏洞简述：

llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause arbitrary address writing. This vulnerability is fixed in b3561.

漏洞公开时间：2024-08-12 23:15:21

漏洞创建时间：2024-08-13 07:30:04

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-42479

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| security-advisories.github.com | https://github.com/ggerganov/llama.cpp/commit/b72942fac998672a79a1ae3c03b340f7e629980b | |

| security-advisories.github.com | https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-wcr5-566p-9cwj | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2024-42479 |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源 |

| ------- | -------- | ------- | -------- | --------- |

| | | https://github.com/ggerganov/llama.cpp/commit/b72942fac998672a79a1ae3c03b340f7e629980b | | security-advisories.github.com |

| | | https://github.com/ggerganov/llama.cpp/commit/b72942fac998672a79a1ae3c03b340f7e629980b | | nvd |

| | | https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-wcr5-566p-9cwj | | nvd |

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

受影响版本排查(受影响/不受影响)：

修复是否涉及abi变化(是/否)：

一、漏洞信息

漏洞编号：[CVE-2024-42479](https://nvd.nist.gov/vuln/detail/CVE-2024-42479)

漏洞归属组件：[llama.cpp](https://gitee.com/src-openeuler/llama.cpp)

漏洞归属的版本：20230815

CVSS V3.0分值：

BaseScore：9.8 Critical

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

漏洞简述：

llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause arbitrary address writing. This vulnerability is fixed in b3561.

漏洞公开时间：2024-08-12 23:15:21

漏洞创建时间：2024-08-13 07:30:04

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-42479

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| security-advisories.github.com | https://github.com/ggerganov/llama.cpp/commit/b72942fac998672a79a1ae3c03b340f7e629980b | |

| security-advisories.github.com | https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-wcr5-566p-9cwj | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2024-42479 |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源 |

| ------- | -------- | ------- | -------- | --------- |

| | | https://github.com/ggerganov/llama.cpp/commit/b72942fac998672a79a1ae3c03b340f7e629980b | | security-advisories.github.com |

| | | https://github.com/ggerganov/llama.cpp/commit/b72942fac998672a79a1ae3c03b340f7e629980b | | nvd |

| | | https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-wcr5-566p-9cwj | | nvd |

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

9.8

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

受影响版本排查(受影响/不受影响)：

1.master(20230815):受影响

2.openEuler-20.03-LTS-SP4:不受影响

3.openEuler-22.03-LTS-SP1:不受影响

4.openEuler-22.03-LTS-SP3:不受影响

5.openEuler-22.03-LTS-SP4:不受影响

6.openEuler-24.03-LTS(20230815):不受影响

7.openEuler-24.03-LTS-Next(20230815):不受影响

修复是否涉及abi变化(是/否)：

1.master(20230815):否

2.openEuler-20.03-LTS-SP4:否

3.openEuler-22.03-LTS-SP1:否

4.openEuler-22.03-LTS-SP3:否

5.openEuler-22.03-LTS-SP4:否

6.openEuler-24.03-LTS(20230815):否

7.openEuler-24.03-LTS-Next(20230815):否

一、漏洞信息

漏洞编号：[CVE-2024-42479](https://nvd.nist.gov/vuln/detail/CVE-2024-42479)

漏洞归属组件：[llama.cpp](https://gitee.com/src-openeuler/llama.cpp)

漏洞归属的版本：20230815

CVSS V3.0分值：

BaseScore：9.8 Critical

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

漏洞简述：

llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause arbitrary address writing. This vulnerability is fixed in b3561.

漏洞公开时间：2024-08-12 23:15:21

漏洞创建时间：2024-08-13 07:30:04

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-42479

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| security-advisories.github.com | https://github.com/ggerganov/llama.cpp/commit/b72942fac998672a79a1ae3c03b340f7e629980b | |

| security-advisories.github.com | https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-wcr5-566p-9cwj | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2024-42479 |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源 |

| ------- | -------- | ------- | -------- | --------- |

| | | https://github.com/ggerganov/llama.cpp/commit/b72942fac998672a79a1ae3c03b340f7e629980b | | security-advisories.github.com |

| | | https://github.com/ggerganov/llama.cpp/commit/b72942fac998672a79a1ae3c03b340f7e629980b | | nvd |

| | | https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-wcr5-566p-9cwj | | nvd |

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

9.8

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

受影响版本排查(受影响/不受影响)：

1.master(20230815):受影响

2.openEuler-20.03-LTS-SP4:不受影响

3.openEuler-22.03-LTS-SP1:不受影响

4.openEuler-22.03-LTS-SP3:不受影响

5.openEuler-22.03-LTS-SP4:不受影响

6.openEuler-24.03-LTS(20230815):不受影响

7.openEuler-24.03-LTS-Next(20230815):不受影响

修复是否涉及abi变化(是/否)：

1.master(20230815):否

2.openEuler-20.03-LTS-SP4:否

3.openEuler-22.03-LTS-SP1:否

4.openEuler-22.03-LTS-SP3:否

5.openEuler-22.03-LTS-SP4:否

6.openEuler-24.03-LTS(20230815):否

7.openEuler-24.03-LTS-Next(20230815):否